10 Employee Behaviors That Raise Cybersecurity Risk
Employee behavior is a major cybersecurity risk. Discover the 10 most common risky actions and how to mitigate them with tailored security programs to protect your enterprise.
Last Updated: 2026-03-12
'%3e%3cpath%20d='M4%204L15.733%2020H20L8.267%204H4Z'%20stroke='%230671C0'%20stroke-width='2'%20stroke-linecap='round'%20stroke-linejoin='round'/%3e%3cpath%20d='M4%2020L10.768%2013.232M13.228%2010.772L20%204'%20stroke='%230671C0'%20stroke-width='2'%20stroke-linecap='round'%20stroke-linejoin='round'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='clip0_8149_16006'%3e%3crect%20width='24'%20height='24'%20fill='white'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e)
'%3e%3cpath%20d='M5.37214%2023.8745H0.396429V8.10162H5.37214V23.8745ZM2.88161%205.95006C1.29054%205.95006%200%204.65279%200%203.08658C1.13882e-08%202.33427%200.303597%201.61278%200.844003%201.08082C1.38441%200.548853%202.11736%200.25%202.88161%200.25C3.64586%200.25%204.3788%200.548853%204.91921%201.08082C5.45962%201.61278%205.76321%202.33427%205.76321%203.08658C5.76321%204.65279%204.47214%205.95006%202.88161%205.95006ZM23.9946%2023.8745H19.0296V16.1963C19.0296%2014.3665%2018.9921%2012.0198%2016.4427%2012.0198C13.8557%2012.0198%2013.4593%2014.0079%2013.4593%2016.0645V23.8745H8.48893V8.10162H13.2611V10.2532H13.3307C13.995%209.01393%2015.6177%207.70611%2018.0386%207.70611C23.0743%207.70611%2024%2010.9704%2024%2015.2102V23.8745H23.9946Z'%20fill='%230671C0'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='clip0_3867_24588'%3e%3crect%20width='24'%20height='27'%20fill='%234A4D53'%20transform='translate(0%200.25)'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e)
'%3e%3cpath%20d='M13.957%2014.75L14.668%2010.0848H10.2225V7.05745C10.2225%205.78115%2010.8435%204.53707%2012.8345%204.53707H14.8555V0.565174C14.8555%200.565174%2013.0215%200.25%2011.268%200.25C7.60703%200.25%205.21403%202.48441%205.21403%206.52931V10.0848H1.14453V14.75H5.21403V26.0278H10.2225V14.75H13.957Z'%20fill='%230671C0'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='clip0_3867_24590'%3e%3crect%20width='16'%20height='25.7778'%20fill='%234A4D53'%20transform='translate(0%200.25)'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e)
Modern enterprises face a persistent challenge: human behavior often introduces cybersecurity vulnerabilities. According to Gartner’s 2022 Drivers of Secure Behavior Survey, 93% of employees admitted to actions that potentially increase organizational risk. Keepnet research found that 70% of organizations have been victims of fake phone calls (vishing), with vishing attacks costing an average of $14 million per year per organization.
Despite security awareness programs, gaps remain between knowledge and behavior, highlighting the urgent need for targeted interventions. Explore the 2024 Voice Phishing Response Report.
The Data Behind Risky Employee Behaviors
The research surveyed 1,310 employees globally across industries and functions, uncovering key insights about insecure practices:
- Traditional, curriculum-based training does not suffice. Awareness doesn’t always translate into secure actions.
- Certain employee segments are more prone to high-risk behaviors, necessitating tailored approaches for risk mitigation.
Top Employee Behaviors That Increase Cybersecurity Risk
The study identified ten prevalent risky actions employees take, emphasizing the critical role of addressing these behaviors to fortify an organization's cybersecurity defenses. Understanding and mitigating these actions can significantly reduce cybersecurity incidents resulting from employee activities.
- Opening Unknown Attachments: 65% of employees open emails, links, or attachments from unknown sources, significantly increasing the risk of malware and phishing.
- Sharing Sensitive Work Information: 58% send sensitive work data without verifying sender legitimacy.
- Sharing Passwords: 52% share work passwords with unauthorized users, weakening access control systems.
- Saving Data on Personal Devices: 59% store work data on personal devices, reducing control over sensitive data.
- Transferring Information Between Accounts: 54% transfer sensitive data between personal and work accounts, exposing it to unauthorized access.
- Using Non-Work Websites for Sensitive Data: 54% input sensitive information into unapproved websites or applications.
- Connecting Unapproved Media: 55% connect USB drives or removable media to work devices without IT approval.
- Bypassing Cybersecurity Controls: 54% bypass cybersecurity protocols instead of seeking formal exception requests.
- Using Unapproved Applications: 52% download applications without IT approval, exposing devices to vulnerabilities.
- Engaging with Unverified Vendors: 57% work with unverified vendors, introducing third-party risks.
Editor's Note: This article was updated on March 12, 2026.
CISOs must build security behavior and culture programs with outcome-driven metrics to continuously measure risky employee behaviors and reduce cybersecurity incidents resulting from employee activity.
Building a Security Behavior and Culture Program
To address these challenges, CISOs must foster a security-first culture. Gartner recommends:
- Segmenting Risky Groups: Identify and target employee segments prone to risky behaviors.
- Leveraging Behavioral Insights: Go beyond awareness and focus on behavioral drivers.
- Implementing Adaptive Learning Programs: Use tools like personalized learning paths to encourage secure actions.
- Promoting Cyber Judgment: Teach employees decision-making frameworks to assess risk dynamically.
How Keepnet Helps Enterprises Build a Security Behavior and Culture Program
Keepnet provides comprehensive tools and solutions to help enterprises address risky human behaviors and build a robust Security Behavior and Culture Program. Here’s how Keepnet can support your organization:
- Phishing Simulation and Security Awareness Training: Keepnet’s platform offers realistic phishing simulations, including MFA, QR, SMS, Voice, Callback, and Reply-to phishing methods, to educate employees and reduce susceptibility to social engineering attacks. Additionally, it provides hyper-personalized, role-based training and nudging techniques to reinforce positive behaviors and address risky employee activities effectively.
- Behavior-Driven Security Metrics: By leveraging behavior-based analytics, Keepnet helps organizations measure and track employee risk levels, ensuring targeted interventions are data-driven.
- Customizable Learning Paths: Keepnet uses advanced AI to create adaptive learning paths tailored to individual employee needs, reinforcing positive security behaviors effectively.
- Incident Response and Reporting: Keepnet’s incident reporting tools empower organizations to promptly detect and respond to risky behaviors while minimizing damages. By simplifying phishing reporting, the platform fosters positive employee behavior, enabling phishing incidents to be analyzed 187x faster and responses to be executed 47x faster, creating a more proactive cybersecurity approach.
- Executive Insights and Reporting: Keepnet’s platform provides actionable executive reports to showcase progress, identify gaps, and align cybersecurity strategies with business objectives. These reports are underpinned by outcome-driven metrics, enabling organizations to quantify the impact of their cybersecurity initiatives and make data-backed decisions.
"Keepnet helps us drive secure behavior improvements across our workforce, building a robust Security Behavior and Culture Program. By measuring both operational and strategic risks, we’ve established a security-conscious organization prepared to counter modern threats."
What This Means for Teams in 2026
10 Employee Behaviors That Raise Cybersecurity Risk is most useful when it helps teams make better day-to-day decisions. The strongest content does more than explain a concept. It shows where risk appears in real work, which actions matter first, and how teams can reduce confusion when the pressure is high.
That is why practical structure matters. A short explanation, a clear response path, and a few repeatable habits usually create more value than broad advice that looks complete but is hard to use.
Keepnet teams usually see stronger results when content like this is tied to a clear workflow, owner, and reporting path. A common mistake is treating 10 employee behaviors that raise cybersecurity risk as background knowledge instead of a decision that shows up in real operations.
Keepnet Recommendation
- Translate the concept into a small set of practical decisions users can apply quickly.
- Focus on the workflows where the issue creates the most business exposure.
- Add reporting and escalation guidance so people know what to do under pressure.
- Review the content regularly so examples and priorities stay current.
SHARE ON